Review Best Practice Network Configuration
Use the Best Practice Assessment (BPA) tool to check
the network configuration (GlobalProtect, Zones, etc.) to identify
weaknesses to improve.
shows
all checks for network-related configuration and begins on the
Zones
page.
On the left nav, select the network check you want to review to
understand the existing configuration and to identify potential gaps
in best practice configuration related to Zones, GRE Tunnels, and
to GlobalProtect, IPsec Crypto, Interface Management, and Zone Protection
profiles. The following example shows the result for Zones.
The report shows the current configuration for each item. The
best practice check results for each item appears below its current
configuration. You can specify a
Device Group
and/or Template
to
limit the scope of the information displayed.Each check has pass/fail status and recommendations for failed
best practice checks. Click help (
) for
the rationale for each check and links to best practice documentation.
When one or more checks fail, the item’s title turns red.
) for
the rationale for each check and links to best practice documentation.
When one or more checks fail, the item’s title turns red. When you review the
Network
tab, at a
minimum, review the following items to help understand the potential
scope of remediation:- Zones—Whether each zone has Packet Buffer Protection enabled and has a Zone Protection profile.
- Zone Protection—Whether Flood Protection and Packet-Based Attack Protection are enabled.
